Vulnerabilities > Medium

| DATE | CVE | VULNERABILITY TITLE | ATTACK VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|
| 2025-01-15 | CVE-2024-12423 | The Contact Form 7 Redirect & Thank You Page plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'post' parameter in all versions up to, and including, 1.0.7 due to insufficient input sanitization and output escaping. | network | low | | CWE-79 | 6.1 |
| 2025-01-15 | CVE-2024-12818 | The WP Smart TV plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'tv-video-player' shortcode in all versions up to, and including, 2.1.8 due to insufficient input sanitization and output escaping on user supplied attributes. | network | low | | CWE-79 | 6.4 |
| 2025-01-15 | CVE-2024-11870 | The Event Registration Calendar By vcita plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 1.4.0 due to insufficient input sanitization and output escaping on user supplied attributes. | network | low | | CWE-79 | 6.4 |
| 2025-01-15 | CVE-2024-13394 | The ViewMedica 9 plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'viewmedica' shortcode in all versions up to, and including, 1.4.15 due to insufficient input sanitization and output escaping on user supplied attributes. | network | low | | CWE-79 | 6.4 |
| 2025-01-15 | CVE-2025-21101 | Race Condition vulnerability in Dell Display Manager: Dell Display Manager, versions prior to 2.3.2.20, contain a race condition vulnerability. A local malicious user could potentially exploit this vulnerability during installation, leading to arbitrary folder or file deletion. | local | high | dell | CWE-362 | 6.3 |
| 2025-01-15 | CVE-2024-13334 | The Car Demon plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'search_condition' parameter in all versions up to, and including, 1.8.1 due to insufficient input sanitization and output escaping. | network | low | | CWE-79 | 6.1 |
| 2025-01-14 | CVE-2024-10253 | A potential TOCTOU vulnerability was reported in PC Manager, Lenovo Browser, and Lenovo App Store that could allow a local attacker to cause a system crash. | local | high | | | 4.7 |
| 2025-01-14 | CVE-2024-10254 | A potential buffer overflow vulnerability was reported in PC Manager, Lenovo Browser, and Lenovo App Store that could allow a local attacker to cause a system crash. | local | high | | | 4.7 |
| 2025-01-14 | CVE-2024-45102 | A privilege escalation vulnerability was discovered that could allow a valid, authenticated LXCA user to escalate their permissions for a connected XCC instance when using LXCA as a Single Sign On (SSO) provider for XCC instances. | network | high | | | 6.8 |
| 2025-01-14 | CVE-2025-23018 | Unspecified vulnerability in IETF IPv6: IPv4-in-IPv6 and IPv6-in-IPv6 tunneling (RFC 2473) do not require the validation or verification of the source of a network packet, allowing an attacker to spoof and route arbitrary traffic via an exposed network interface. | network | high | ietf | | 6.5 |